<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
<p class="p1">Hi,</p>

<p class="p2"> </p>

<p class="p1">I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC certificates.</p>

<p class="p2"> </p>

<p class="p1">nginx -V:</p>

<p class="p1">nginx version: nginx/1.7.10</p>

<p class="p1">built by gcc 4.7.2 (Debian 4.7.2-5) </p>

<p class="p1">TLS SNI support enabled</p>

<p class="p1">configure arguments: --with-openssl=/root/git/build_nginx/build/libressl-2.1.4 --with-pcre=/root/git/build_nginx/build/pcre-8.36 --add-module=/root/git/build_nginx/build/echo-nginx-module-0.57 --with-ld-opt=-lrt --prefix=/usr/local/nginx --conf-path=/etc/nginx-libressl/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-file-aio --with-http_spdy_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module</p>

<p class="p2"> </p>

<p class="p3"><span class="s1">Using this script: <a href="https://gist.github.com/leonklingele/a669803060fa92817f64"><span class="s2">https://gist.github.com/leonklingele/a669803060fa92817f64</span></a></span></p>

<p class="p2"> </p>

<p class="p1">nginx error log gives me these messages:</p>

<p class="p1">2015/03/09 17:00:11 [notice] 6484#0: signal process started</p>

<p class="p1">2015/03/09 17:00:15 [alert] 6486#0: *732628 ignoring stale global SSL error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443</p>

<p class="p1">2015/03/09 17:01:23 [notice] 6785#0: signal process started</p>

<p class="p1">2015/03/09 17:01:25 [alert] 6787#0: *733012 ignoring stale global SSL error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443</p>

<p class="p1">2015/03/09 17:05:27 [notice] 7479#0: signal process started</p>

<p class="p1">2015/03/09 17:05:35 [alert] 7481#0: *734270 ignoring stale global SSL error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server: 0.0.0.0:443</p>

<p class="p2"> </p>

<p class="p1">RSA certificates work perfectly fine.</p>

<p class="p1">I generated the ECDSA CSR (for Comodo) using:</p>

<p class="p1">$ openssl ecparam -out private.key -name secp384r1 -genkey</p>

<p class="p1">$ openssl req -new -key private.key -nodes -out request.csr</p>

<p class="p2"> </p>

<p class="p1">Is this issue related to nginx or LibreSSL?</p>

<p class="p2"> </p>

<p class="p3"><span class="s1">Also see: <a href="http://forum.nginx.org/read.php?2,256381,256381#msg-256381"><span class="s2">http://forum.nginx.org/read.php?2,256381,256381#msg-256381</span></a></span></p>

<p class="p2"> </p>

<p class="p1">Thanks for helping,</p>

<p class="p1">Jonathan Müller</p>
</div></div></body></html>